Who needs to be a User?

As you consider which permissions everyone in your team needs to 1Password, use your secrets audit to guide your decisions. Giving employees a secure, centralized way to manage and store sensitive information improves the security posture of your organization.

However, if you need to make choices on who will be added; consider what that person needs to access to do their job. 

• If someone uses multiple unique-to-them credentials that need to be stored within a personal employee vault, or needs access to many shared sensitive resources–they should likely be a User.
• If they’re a contractor or part-time employee with no need to store unique credentials in a personal vault, and will only require access to single shared vault of information–a Guest User may be enough.
• If someone doesn’t handle any sensitive information, they may not need access–but even one unprotected password can become a vulnerability. Consider the risk of compromise before excluding anyone.